Re: dracut 008 luks key in external device - still broken

On Sat, Mar 19, 2011 at 5:02 PM, jaivuk <jaivuk@xxxxxxxxx> wrote:
>
> However when I added rd.luks.key=/mykey:abcd-1234 into the grub
> (Instead of abcd-1234 I use real UUID of my key) the boot fails and I
> end up in the dracut shell.
>

If you cannot capture console log, at this point mount some filesystem
rw and dump dmesg output there. dracut logs into kmsg so it may provide
some insight into the problem.

> Here is how my updated kernel parameters look like:
>
> kernel /vmlinuz-2.6.35.11-83.fc14.i686 ro root=/dev/mapper/vg2-lv_root
> rd.luks.uuid=luks-6508ce25-91d1-469a-9423-7b10ef00754e
> rd.luks.uuid=luks-73608094-4b4d-48bf-99a6-0493aeb7498d
> rd.luks.uuid=luks-9d1124c6-22fe-4572-984b-175c0e307a1f
> rd.luks.uuid=luks-eac11ed2-4136-4f73-bda7-1af1c09fe644
> rd.md.uuid=eb005502:33822bc2:b956ad0a:be45f8e0
> rd.md.uuid=9ce2b0c0:ed400210:451f5dab:694b56f7
> rd.md.uuid=5e644250:1dda1a02:9365481e:4e0aee0a
> rd.md.uuid=2e0eedaf:41d79b6b:0bed1099:5adc22ef rd.lvm.lv=vg2/lv_root
> rd.lvm.lv=vg2/lv_swap rd.dm=0 rd.luks.key=/mykey:abcd-1234
> LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us
>
> The change in dracut seems to be quite turbulent and I hope it will
> settle a bit. It may take me a while to create patch for dracut 008
> and then I can realize you are elsewhere with dracut 009...
>
> dracut.kernel man page confuses me as well:
> "           If luksdev is given, the specified key will only be
> applied for that LUKS device. Possible values are the same
>           as for keydev. Unless you have several LUKS devices, you
> don't have to specify this parameter."
>
> I have several luks devices, but one key only. Does it mean I have to
> list them all manually for the key again?
>

no

> So I have to ask you - what logic is used to mount luks partitions
> with the key on external device in dracut 008?

Dracut tries to mount all devices that match <keydev> specification and
checks whether <keypath> exists inside of this filesystem. If yes, it
remembers this device as suitable for specified <luksdev>. Later in
cryptroot-ask it will call

cryptsetup -d "$mntp/$keypath" luksOpen "$device" "$luksname"

where device is real device.

The first thing to try is to use just /keydev; this will try to apply
this key to every LUKS device and will probe all available disks.

> (When I modified dracut 005 I had to add delay before USB was checked,
> in dracut 008 USB is checked in the loop but if it fails, it does not
> ask for password, but ends in shell.)

It requeues cryptroot-ask for after udev queue is settled if key is
not available initially. If device is still not available at this
point, I am not sure what can be done sensibly.

>
> I have this idea how it can be done (when external key is specified)
[...]
>
> In my view this can be implemented without any changes in the
> cryptsetup tools. Another option to consider is to try to mount luks
> device based on event coming from udev (once key is attached) - and
> then perform point b) - what do you think?
>

Tested patches are welcome :)

> And can I get any help in
> trouble-shooting my problem with dracut 008?
>

Please provide dmesg output after failed boot.
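
The key lookup described in the reply above, as an added example that is not part of the original message and is not dracut's own code. The function names are hypothetical, the colon-separated field order <keypath>:<keydev>:<luksdev> is an assumption based on the parameter shown in the thread, and temporary directories stand in for mounted candidate devices so it runs without root.

```shell
#!/bin/sh
# Added illustration only; hypothetical helper names, not dracut functions.

# Print every rd.luks.key= value found in a kernel command line string.
luks_key_args() {
    for _arg in $1; do          # unquoted on purpose: split on whitespace
        case "$_arg" in
            rd.luks.key=*) printf '%s\n' "${_arg#rd.luks.key=}" ;;
        esac
    done
}

# Split "<keypath>[:<keydev>[:<luksdev>]]" into KEYPATH, KEYDEV, LUKSDEV.
# Empty KEYDEV means "probe every device"; empty LUKSDEV means "every LUKS device".
split_luks_key() {
    KEYPATH=${1%%:*}; KEYDEV=; LUKSDEV=
    case "$1" in
        *:*) _rest=${1#*:}
             KEYDEV=${_rest%%:*}
             case "$_rest" in *:*) LUKSDEV=${_rest#*:} ;; esac ;;
    esac
}

# Given a key path and already-mounted candidate directories, print the
# ones that hold the key as a regular, non-empty file.
find_key_mounts() {
    _keypath=$1; shift
    for _mntp in "$@"; do
        [ -f "$_mntp/$_keypath" ] && [ -s "$_mntp/$_keypath" ] && printf '%s\n' "$_mntp"
    done
    return 0
}

# Constructed sample input: the key parameter from the thread (placeholder UUID)
# and two fake "mounted devices", only one of which carries the key file.
cmdline='ro root=/dev/mapper/vg2-lv_root rd.luks.key=/mykey:abcd-1234'
tmp=$(mktemp -d); mkdir "$tmp/usb" "$tmp/disk"
printf 'constructed-key' > "$tmp/usb/mykey"
for spec in $(luks_key_args "$cmdline"); do
    split_luks_key "$spec"
    echo "keypath=$KEYPATH keydev=${KEYDEV:-<any>} luksdev=${LUKSDEV:-<all>}"
    for m in $(find_key_mounts "$KEYPATH" "$tmp/usb" "$tmp/disk"); do
        echo "would run: cryptsetup -d \"$m$KEYPATH\" luksOpen \"\$device\" \"\$luksname\""
    done
done
rm -rf "$tmp"
```

If no candidate prints a "would run" line, the key file was not found at <keypath> on any probed filesystem, which is the point at which the dmesg output requested above becomes the next thing to check.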